P.S. These two notes from Jonathan Mayer are appended to the https://privacystudy.cs.princeton.edu/ site; the newest is from yesterday.
Note from Jonathan Mayer, the Principal Investigator (Saturday, December 18 @ 11:30pm) Hi, my name is Jonathan Mayer. I’m the Principal Investigator for this academic research study. I have carefully read every single message sent to our research team, and I am dismayed that the emails in our study came across as security risks or legal threats. The intent of our study was to understand privacy practices, not to create a burden on website operators, email system operators, or privacy professionals. I sincerely apologize. I am the senior researcher, and the responsibility is mine. The touchstone of my academic and government career, for over a decade, has been respecting and empowering users. That’s why I study topics like web tracking, dark patterns, and broadband availability, and that’s why I launched this study on privacy rights. I aim to be beyond reproach in my research methods, both out of principle and because my work often involves critiquing powerful companies and government agencies. In this instance, I fell short of that standard. I take your feedback to heart, and here is what I am doing about it. First, our team will not send any new automated inquiries for this study. We suspended sending on December 15, and that is permanent. Second, our team is prioritizing a possible one-time follow-up email to recipients, identifying the academic study and recommending that they disregard the prior email. If that is feasible, and if experts in the email operator community agree with the proposal, we will send the follow-up emails as expeditiously as possible. Third, I will use the lessons learned from this experience to write and post a formal research ethics case study, explaining in detail what we did, why we did it, what we learned, and how researchers should approach similar studies in the future. I will teach that case study in coursework, and I will encourage academic colleagues to do the same. While I cannot turn back the clock on this study, I can help ensure that the next generation of technology policy researchers learns from it. Fourth, I will engage with the communities that have contacted me about this study, which have already offered valuable suggestions for future directions to simplify, standardize, and enhance transparency for GDPR and CCPA data rights processes. I very much appreciate the earnest outreach so far, and I will be reciprocating. If you have questions or concerns about the study, please do not hesitate to reach out. I gratefully acknowledge the feedback that we have received. Thank you for reading, and again, my sincere apologies. Update from Jonathan Mayer, the Principal Investigator (Tuesday, December 21 @ 7:40pm) Thank you to the website operators, email system operators, privacy professionals, academic colleagues, and all others who have reached out about our privacy rights study. I am writing to provide an update about how we are acting on the feedback that we have received. Our top priority has been issuing a one-time follow-up message that identifies our study and that recommends disregarding prior email. We are sending those messages. We have also received consistent feedback encouraging us to promptly discard responses to study email. We agree, and we will delete all response data on December 31, 2021. Please do not hesitate to reach out with further questions or concerns, and I again offer my heartfelt apologies for the burdens caused by this study. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
